Friday, January 13, 2023

SSO Transition #5 - Why are we doing this and good news!

Greetings, Malone Community!

Today we learn more about the SSO [Single Sign On] and MFA [Multi Factor Authentication] setup we have adopted at Malone:
  • Google 2 factor error resolved for faculty and staff
  • How often do I need to do the extra MFA step?
  • How do I change my MFA and password rescue options?
  • Description of password rescue and MFA Options
  • Why are we doing this?
  • Places to launch your apps!

Google 2 factor error resolved for faculty and staff

Good news! We worked with Google Engineers and Support yesterday and were able to fix the error that many faculty and staff would get when they tried to sign in to their malone.edu email. The "Your sign-in settings don't meet your organization's 2-step Verification policy" error should no longer be a problem. Please contact the IT Help Desk if you continue to have this problem.

How often do I need to do the extra MFA step?

Remember that MFA makes it harder for a bad actor to gain access to your account and the sensitive data that your account allows you to access. MFA combines something you know (like a password) with something you have (like a cell phone that runs an authenticator app or receives a text message with a code).

How often you are prompted to perform the second MFA step will depend on a number of factors. We are still formulating the balance between ease of access and security and have already made some changes to reduce the number of times each user must use a second factor to authenticate. 

Here are some broadly applicable guidelines for how often you will need to use a second factor [MFA] when authenticating:
  • When it is the first time that you log into Malone services on a new computer or a different web browser on that computer.
  • When using a laptop and your physical or logical (Internet) location changes significantly. This could be as drastic as logging on in Canton and then flying to Chicago and reconnecting or as simple as connecting to Malone wifi and then later connecting with a Verizon wireless hotspot.
  • Depending on who you are, you might be prompted more often. If you have a job responsibility that gives you extra access to sensitive info, you may be prompted more often. If you are a VP or the President, you may get prompted more often than if you are a student.
  • Depending on what service you are using, you may get prompted more often. Example: If you are using our VPN to connect to campus to perform remote work (faculty and staff), you will be asked to MFA EVERY TIME you connect.
  • As of this writing on Friday, 13 January 2023, and in most cases (except for those mentioned above), your MFA will last seven days.

How do I change my MFA and password rescue options?

I have had a number of staff and faculty tell me that they set up their office phone to be called as one of their MFA options. This is fine as long as the only place you log into Malone systems is in your office. The next section of this post tells about the different options for MFA and password rescue, but if you want to change your MFA selections, you can do this from any Microsoft screen, say office.com. Here are the steps to access your security settings, click by click:
  1. From any Microsoft service, click your avatar/account icon in the top right corner.
  2. Click "View account" from the menu that appears.
  3. Find the card for "Security Info" and click the "Update info" link on that card. You may need to complete MFA to access and change the settings.
  4. Review and update your sign-in methods.

The direct link to manage your Malone MS Azure account's security settings is:

If you have lost access to your MFA methods and are unable to access your account, you can contact the Help Desk and we will reset your MFA options so that you can re-enroll. 

Recommendation

Set up more than one MFA option in case one is unavailable.

Description of Password Rescue and Multifactor Options

We put together this slideshow to help guide folks through the MFA enrollment process. Click on the links to read about the different password rescue and MFA options.


Why are we doing this?

We know that this new process makes it take longer to sign into our systems. We know that it is inconvenient to have to carry or otherwise access that second factor to complete your sign-in. There are a few reasons we are doing this:
  1. To protect our data
  2. To enhance our online presence
  3. For regulatory compliance

To protect our data

Students, faculty, and staff have access to varying degrees of personally identifiable information [PII] and non-public personal information [NPI]. MFA prevents a would-be attacker from accessing your account because they do not have the second factor.

It also encourages good account behavior in that it is harder for people to share an account. Remember that you are responsible for any actions taken while your account is logged in. Never share your username and password credentials with others. 

To enhance our online presence

Adding this additional layer of security allows us to make more systems available securely online. More to come in this area, but we are excited to offer additional tools in the next couple years to students, faculty, and staff!

For regulatory compliance

Malone University is beholden to multiple federal and state regulations. Letter spaghetti includes but is not limited to GLBA, FERPA, HIPAA, HIPAA HITECH, FSA of DOE, Sarbanes-Oxley, etc. Many of these regulations, and the agencies that enforce them, require MFA in addition to other compliance measures.

Places to launch your apps!

If you've read this far down, we hope these links made it worth it all! There are three places from which you can switch between applications. In many cases, you can get back and forth between the three.
  • The Launchpad on Malone Xpress: https://jics.malone.edu
  • The Microsoft Myapps platform: https://myapps.microsoft.com OR the grid icon while you are in a Microsoft app. It's located in the top left corner.
  • The Google Workspace App chooser, located in the top right corner of a Google Workspace app.

